CVE-2026-55510
Undergoing Analysis - In Progress

Use-After-Free in ImageMagick Due to Crafted 8BIM Profile

Vulnerability report for CVE-2026-55510, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-02
AI Q&A: 2026-07-01
EPSS Evaluated: N/A
External references: NVD, EUVD

Affected Vendors & Products

Showing 1 associated CPE

Vendor: image_magick
Product: image_magick
Version / Range: before 7.1.2-26 (excluding) on the 7.x branch; before 6.9.13-51 (excluding) on the 6.x branch

Exploitability

CWE

CWE-416: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in ImageMagick, software used for editing and manipulating digital images. It occurs when a specially crafted 8BIM profile is processed during image identification. The crafted profile contains a specific format string that triggers the use-after-free condition, meaning the program continues to use memory after it has been freed.

Impact Analysis

The impact of this vulnerability is primarily on system availability. An attacker with local access, and with user interaction required, can trigger the use-after-free condition, which may lead to a crash or denial of service. There is no impact on the confidentiality or integrity of data.

Detection Guidance

This vulnerability is triggered by processing a crafted 8BIM profile during image identification in vulnerable versions of ImageMagick. Detection involves checking whether the installed ImageMagick version is prior to 6.9.13-51 on the 6.x branch or prior to 7.1.2-26 on the 7.x branch.

You can check the installed ImageMagick version using the command:

  • magick --version

If the version is older than 6.9.13-51 (6.x branch) or 7.1.2-26 (7.x branch), your system is vulnerable. Additionally, monitoring logs or system crashes related to image identification operations involving 8BIM profiles may help detect exploitation attempts.
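The version check above, as an added example that is not part of the advisory or of the ImageMagick project: it parses the first line of the `--version` banner and compares the release against the fixed version for the matching branch. It assumes the usual banner form "Version: ImageMagick 7.1.1-15 Q16-HDRI ..." and that 6.x installations, which have no `magick` binary, answer to `identify --version`.

```sh
#!/bin/sh
# Added example, not from the advisory or the ImageMagick project: decide whether an
# installed ImageMagick release predates the CVE-2026-55510 fix (6.9.13-51 / 7.1.2-26).
# Assumes the version banner has the usual "Version: ImageMagick 7.1.1-15 Q16-HDRI ..." form.

# Print the "major.minor.patch-release" found in a banner line, or nothing if absent.
im_extract_version() {
  printf '%s\n' "$1" |
    sed -n 's/.*ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
    head -n 1
}

# Exit 0 when version $1 sorts strictly below version $2, comparing the four numeric
# components in order (a plain string compare would rank 7.1.2-9 above 7.1.2-26).
im_version_lt() (
  IFS='.-'
  set -- $1 $2            # $1..$4 = first version, $5..$8 = second
  [ "$1" -lt "$5" ] && exit 0; [ "$1" -gt "$5" ] && exit 1
  [ "$2" -lt "$6" ] && exit 0; [ "$2" -gt "$6" ] && exit 1
  [ "$3" -lt "$7" ] && exit 0; [ "$3" -gt "$7" ] && exit 1
  [ "$4" -lt "$8" ]
)

# Exit 0 when the banner's version is below the fix for its major branch, 1 when it is
# fixed or outside the affected 6.x/7.x lines, and 2 when no version could be parsed
# (a distinct status so an "unknown" result is never mistaken for "fixed").
im_vulnerable_cve_2026_55510() {
  v=$(im_extract_version "$1")
  [ -n "$v" ] || return 2
  case "$v" in
    6.*) fixed=6.9.13-51 ;;
    7.*) fixed=7.1.2-26 ;;
    *)   return 1 ;;
  esac
  im_version_lt "$v" "$fixed"
}

# Check the live installation: ImageMagick 7 ships `magick`, 6.x exposes `identify` instead.
im_check_installed() {
  banner=$( { magick --version 2>/dev/null || identify --version 2>/dev/null; } | head -n 1 )
  rc=0
  im_vulnerable_cve_2026_55510 "$banner" || rc=$?
  case $rc in
    0) echo "VULNERABLE: $(im_extract_version "$banner") predates the CVE-2026-55510 fix" ;;
    1) echo "not affected: $(im_extract_version "$banner")" ;;
    *) echo "unknown: no ImageMagick version banner found" ;;
  esac
}
```

Run `im_check_installed` on each host in the inventory; a status of "unknown" should be followed up rather than treated as clean.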

Mitigation Strategies

The primary mitigation is to upgrade ImageMagick to a fixed version: 6.9.13-51 or later on the 6.x branch, or 7.1.2-26 or later on the 7.x branch.

Since the vulnerability requires local access and user interaction, restricting untrusted users from running image identification commands and avoiding the processing of untrusted images that may carry crafted 8BIM profiles can reduce risk.

Applying the official security patches provided by ImageMagick is the recommended immediate action.

Compliance Impact

The vulnerability in ImageMagick (CVE-2026-55510) is a use-after-free issue that affects system availability but does not impact confidentiality or integrity of data.

Since the vulnerability does not affect confidentiality or integrity, it is less likely to directly cause non-compliance with standards like GDPR or HIPAA, which primarily focus on protecting personal data confidentiality and integrity.

However, the impact on system availability could indirectly affect compliance if it leads to denial of service or disruption of services that handle regulated data.
